Archive for the ‘Open-Source’ Category

X-Forwarded-For Headers and mod_rpaf

Friday, August 27th, 2010

***Security Alert*** – This should only be done where you 110% trust the proxy that is forwarding the client IP. It is quite easy to spoof an IP address using X-Forwarded-For headers.

If you have a couple of webservers behind a load balancer, then you’ve probably noticed that your logs, and many times your web applications, incorrectly log the IP address of the load balancer.

This is totally expected behavior and is an important security feature in a standard Apache server.

However, it is also a pain. :)

Of course there is an easy way to solve the problem.

  1. Enable the feature of your load balancer that turns on X-Forwarded-For headers. (The name is slightly different depending on the device so I’m not always sure about the specifics.)
  2. Make sure that you are actually forwarding the additional header. I used my phpinfo() file to check; you should see “HTTP_X_FORWARDED_FOR” in the Apache environment section. If not, then your load balancer is not correctly configured to pass the header. Troubleshoot until you can see this variable in phpinfo().
  3. Enable and configure the mod_rpaf module for your Apache server.
  4. Restart the webserver.
  5. Check your phpinfo() file and you should now see the correct IP address in the “REMOTE_ADDR” section. You can also still see where the request came from in the “HTTP VIA” section.

You should now see the correct IP in WordPress comments and Moodle logs.

***Security Alert*** – This should only be done where you 110% trust the proxy that is forwarding the client IP. It is quite easy to spoof an IP address using X-Forwarded-For headers.
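Why the trust requirement in the alert matters, as an added example (not part of the original post and not mod_rpaf's own code): a small Python model of the decision "whose X-Forwarded-For do I believe?", comparing a check that believes any header with one that accepts it only from a known proxy. The addresses are constructed documentation-range values, and it assumes the load balancer appends the address it saw to any header the client already sent.

```python
import ipaddress

# Assumption for this example: the load balancer's address. 192.0.2.0/24,
# 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr parses as an IP address inside a trusted proxy network."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def naive_client_ip(peer_ip, xff):
    """Weak: believes the leftmost entry no matter who sent the header."""
    return xff.split(",")[0].strip() if xff else peer_ip


def effective_client_ip(peer_ip, xff, trusted=TRUSTED_PROXIES):
    """Use the header only when the socket peer is a trusted proxy."""
    if not xff or not is_trusted(peer_ip, trusted):
        return peer_ip
    # Walk right to left: trusted proxies append on the right, so the first
    # entry that is not one of ours is the address our proxy actually saw.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_ip  # malformed header: fall back to the socket peer
        if not is_trusted(hop, trusted):
            return hop
    return peer_ip  # header listed only trusted proxies


# Constructed sample requests: (socket peer, X-Forwarded-For header, note)
SAMPLES = [
    ("192.0.2.10", "203.0.113.7", "normal request through the load balancer"),
    ("192.0.2.10", "10.1.1.1, 203.0.113.7", "client sent its own header; LB appended"),
    ("198.51.100.23", "127.0.0.1", "reached the web server directly, forged header"),
    ("192.0.2.10", "", "load balancer health check, no header"),
]

if __name__ == "__main__":
    for peer, xff, note in SAMPLES:
        print(f"{note}: naive={naive_client_ip(peer, xff)} "
              f"checked={effective_client_ip(peer, xff)}")
```

The third sample is the case to watch for in logs: a request whose socket peer is not the load balancer but which still carries an X-Forwarded-For header.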

Burned by Ning

Thursday, April 15th, 2010

This is exactly why K-12 institutions need to spend more time developing their own cloud services.

Ning is no longer free….

I hope your district hasn’t focused on staff development tied to free services.

Common Core Standards

Thursday, March 25th, 2010

So, I finally took a deeper look at the Common Core Standards and I’m pretty excited.

The standards themselves have a few new features, such as the way they are grouped and the fact that there are specific literacy skills related to humanities and science. Check them out for yourself.

What gets me excited is that when I see those standards, I see a huge opportunity to change the way educational content is created, delivered, and the potential for some amazing innovation.

First, let’s talk creation. The same group of states that is banding together to develop these standards (48 states, 2 territories, and DC) should come together to create an open source curriculum. Using the model of open-source, the curriculum could be used as is for a base by districts or others can profit by value adds. In other words, let’s have experts lay out an open-source curriculum or two and make them freely available. Then we can let the publishing companies of the world make their money by adding to it with additional multimedia, teacher resources, student services, etc. that they are experts at creating. It would be great because the basic building blocks would be available to all districts rich and poor and current educational materials companies still have a place in the curriculum ecosystem.

Next, let’s take delivery to the next level. There needs to be open standards for curriculum delivery systems. Districts, schools, or teachers should be able to access that third party material mentioned above as easily as we buy a song from iTunes or an ebook from Amazon. Imagine how cool it would be for a district to purchase yearly rights to various digital databases and resources from which teachers could pull various pieces. The stores could become social networking hubs for teacher collaboration and using social bookmarking technologies the best and most popular resources could automatically rise to the top. Best of all a market could emerge for educational professionals to submit their own curriculum (a la app store) for purchase.

So now you have teachers taking ownership of their teaching and responsible for getting the best hand picked curriculum they can get. Differentiation in the classroom would be greatly simplified because teachers would have instant access to at least the open-source curriculum, if not several other high quality additions from various professional producers of content and/or peer designers. Student learning styles could be addressed by the fact that each student could have learning materials that are geared towards their likes and dislikes. It would be fantastic!

All I know is that standardization at larger scales has the potential to create a new market that will drive educational curriculum in a new direction. I believe it is sweet irony that Texas is going through its current curriculum crisis and is one of the few states that isn’t part of this movement. The educational system of Texas will go from one of the driving forces behind textbook creation to an obscure backwater in a couple of years. At least one can hope!

One Device to Rule Them All….

Tuesday, February 2nd, 2010

So, needless to say I’m not nearly as impressed by the iPad as I had hoped. It doesn’t have Flash, it doesn’t have a camera, and it is based on the iPhone OS. My geek gene gets excited at the potential for gaming, the multi-touch pressure screen, and the inclusion of iWork apps, but my beware-of-proprietary-software gene is also freaking out.

I’ve been hearing the iPad described as a new metaphor or paradigm for computing. Sure this seems like the smart thing to say given the initial response to the iPod and its future commercial success. But if the iPad represents the “new” model of computing I don’t want it!

First, this is not a creation device. The iPad is the exact opposite, the “ultimate” consumption device. IMHO Apple has created a device to monopolize your consumption of music, film, media, gaming, and books. Already, we have a population that is losing its ability to be creative and the idea that an iPad would become the norm just accelerates that downward spiral. It doesn’t record, it doesn’t take video, it doesn’t take pictures, and it doesn’t provide an easy method to transfer these things from other devices. It just delivers content to the consumer. Of course, iWork offers some hope but Keynotes without multimedia are sort of 90s so where can I pull my content from?

Second, the iPad is not stand-alone. At the end of the day if you want your pictures, videos, and music you still have to sync to a computer. Jobs can bash netbooks but at least they don’t need a mothership to function. I’m not sure if this is a limitation of iPhone OS or intentional but it is very lame.

Finally, I’m deeply concerned by the potential for Apple to control who and what gets seen by potentially millions of consumers. In theory, and without violating your user agreement, you cannot tap into content from any other source except the iTunes store. I find this incredibly scary given Apple’s erratic approval process for apps. If the iPad takes off, and I believe that it most likely will, Apple will have a powerful grip over the future of not only the entertainment industry, but gaming, film, publishing, and more that we haven’t even imagined yet.

While the iPad device is a huge innovation in multi-touch devices and flexible user interfaces, I believe the wide-scale adoption of its computing premise could stifle innovation and create the next big computing monopoly, a la Microsoft. That would be a shame and would mean another decade of stunted innovation. It would also mean an end to the resurgence of creativity amongst normal folks as their new device will only allow them to express themselves in ways that Apple finds acceptable.

THE Journal 2010 Predictions

Thursday, December 10th, 2009

http://thejournal.com/Articles/2009/12/10/5-K12-Technology-Trends-for-2010.aspx

Sort of a lame list… I think mine is better. :)

I think the biggest item missing from this list is open-source, open-source, and open-source. With raging budget deficits across the country, educational institutions across the K-20 spectrum are going to be looking hard at open/free alternatives in their upcoming technology adoptions.

I also think that the recession is a natural time for us to turn away from capacity building to spending some time developing efficiencies with the technologies we have. I look at the technologies that are available to most educators and would be willing to bet they only tap 25-35% of the capacity of a given device/service/application. You could make huge gains by increasing that efficiency to 45-55% for less than building more capacity.

And even though it develops capacity, I see virtualization really taking off! There will be growing needs for technology but no money to purchase new hardware. Using VM, institutions will be able to create capacity by tapping unused potential in existing hardware infrastructure.

Again, economic troubles will bring Google Apps up as a viable option.

Educational content providers will figure out a way to provide a more iTunes like way of distributing digital content. This also has the potential to bring down the costs of distribution of instructional materials.

Building your own “Cloud” – Part 1

Thursday, October 15th, 2009

While this post is written with K-12 schools in mind it could be used by small colleges and even businesses.

So what the heck is a “cloud”? For the most part it is a return to centralized computing using the web browser as the application of choice. Using the cloud allows you to provide Software as a Service (SaaS). This is a great article on the cloud.

Ultimately, schools have not systematically embraced the “cloud” or Web 2.0 because they have very little control over the tools that are offered. Even Google Apps for Education, arguably the best “cloud” application currently available to schools, has some Terms of Use language that makes some teachers and/or administrators flinch. The need for control, whether necessary or not, has held back innovation in schools for too long. This guide will help lay out a path to creating your own “cloud”.

So let’s start with some basics:

  • Virtualization
    Server that supports virtualization. At this point you can pretty much use PC, Mac, or Linux depending on personal preference. This will allow you to tinker more, and the resulting virtualized application is highly portable.

    Here are some of the virtualization products I’ve used:

  • Linux
    Basically, this is a package that lets you easily install an Apache web server with all of the necessary technologies (PHP and MySQL) very quickly. Each one is a bit different depending on the host OS but they all do the same thing. I suggest that for the first time you use a Linux distro with a GUI. This allows you to start experimenting with Linux while still having a comfortable GUI from which to work. In particular, I’ve found both Ubuntu and OpenSUSE to be very user friendly and both have a wide base of support.
  • Web Apps
    For an average school or classroom the following give you a great starting point:

  • LDAP via Active Directory/Open Directory
    LDAP allows you to more efficiently control your user-base on these systems. Most school districts already have one of these systems in place so it is just a matter of setting up the correct permissions and your users, faculty and students, can log in using their usual info.
  • Server Hardware
    To begin with you can run any of these applications via laptop or desktop. My original setup was on a Macbook with a Core 2 Duo and 2 GB of RAM. For production, you want something a little more substantial but we’ll address that when we get there.
  • Dedicated IP Address and DNS Record
    Most of these applications require that you use a dedicated/static IP address. This just means that your server’s IP address will not change over time. It is also important that your server has a domain name. This can be done via DNS, which will most likely require the help of your IT department, or, to begin with, a modification to your server’s HOSTS file.

Above is the outline of what the next few posts will be about. We’re going to look at setting up a Linux webserver inside of VirtualBox, then we are going to install our first web application, and then we’ll look at how to use Apache virtual hosts to host multiple web applications.

The end result will be cloud services for your organization with a focus on utilizing current open-source technologies.

Arras Theme with WPMU

Monday, September 7th, 2009

****No longer works in WP 3.0****

So I had a teacher who really wanted to use the Arras theme with their class. Unfortunately, it didn’t play nicely with WPMU.

I tinkered for a couple of hours and I think that I have a semi-workable solution.

Basically, I did two things:

  1. I added the necessary WP includes so that you can use all of the regular WPMU functions.
  2. I added some logic that made it work with a multiple blog setup.

***I am not a programmer by trade, so there may be major mistakes in my logic. Hopefully this will help you get started. ***

First, I added the WPMU includes to the top of the /library/timthumb.php

[code]
include('../../../../wp-blog-header.php');
include('../../../../wp-includes/general-template.php');
[/code]

This made it possible to use regular WPMU function calls.

Next, I went down to line 520 and added some code to the function using WPMU functions.

[code]
/**
 * tidy up the image source url
 */
function cleanSource($src) {
    // Added globals so the WPMU blog/site objects are available here
    global $current_blog, $current_site;

    // remove slash from start of string
    // (=== so that strpos() returning false is not treated as position 0)
    if (strpos($src, "/") === 0) {
        $src = substr($src, 1);
    }

    // remove http/ https/ ftp
    $src = preg_replace("/^((ht|f)tp(s|):\/\/)/i", "", $src);

    // remove domain name from the source url
    // Changed path logic: strip this blog's path as well as the host
    $path = $current_blog->path;
    $path = str_replace("/", "", $path);
    $host = $_SERVER["HTTP_HOST"] . '/' . $path;

    $src = str_replace($host, "", $src);

    // Added blogs.dir logic: map /files/ to this blog's upload directory
    $src = str_replace("/files/", "blogs.dir/" . $current_blog->blog_id . "/files/", $src);
    $host = str_replace("www.", "", $host);
    $src = str_replace($host, "", $src);

    // don't allow users the ability to use '../'
    // in order to gain access to files below document root

    // src should be specified relative to document root like:
    // src=images/img.jpg or src=/images/img.jpg
    // not like:
    // src=../images/img.jpg
    $src = preg_replace("/\.\.+\//", "", $src);

    //print_r($_SERVER);

    // get path to image on file system. Changed from original.
    // Superseded by the 10/4 block below; left active, this return made
    // that block unreachable.
    // $src = $_SERVER['DOCUMENT_ROOT'] . '/wp-content/' . $src;
    // return $src;

    // get path to image on file system. Appended 10/4
    if ($current_blog->blog_id == 1) {
        // the main blog's uploads live under blogs.dir/1/
        $src = $_SERVER['DOCUMENT_ROOT'] . '/wp-content/blogs.dir/1/' . $src;
    } else {
        $src = $_SERVER['DOCUMENT_ROOT'] . '/wp-content/' . $src;
    }

    return $src;
}

[/code]

It worked for me and hopefully it will work for you. Here is the php timthumb that I used.

timthumb.php

Updated 10/4 – timthumb.php

Lawsuits and Web 2.0

Wednesday, July 1st, 2009

Will Richardson seems a bit concerned about the “Tops” lack of understanding, when it comes to high level officials. I wonder though if Brad Jupp isn’t correct. I mean there are two major undiscussed issues here.

The first is, “What Lawsuits?” Can anybody actually find a lawsuit related to blogging or the use of wikis? I couldn’t upon a 5 minute Google search. All I could find is a student suing their old principal for discipline related to cyberbullying on Facebook. It seems like every reference to a pending lawsuit had to do with social networking…interesting.

It would seem to me that the bigger problem is two-fold. First, in most cases schools have ineffective or outdated policies for dealing with student/staff use of the web. Second, there is a major generational gap between how adults and teens/kids view the use of the Internet and what constitutes public.

Now is the time that school districts should update their AUP policies. Most important is that these policies are updated with a group of students, teachers, parents, and administrators. Each group looks at Web 2.0 applications through a different lens and it is a chance to set expectations for their use by all interested parties. Having a defined set of policies related to these technologies makes it much easier to handle the occasional problem that may come up from their use.

Now is also the time to do some work to bridge the generational gap. It is important that educators using these tools understand how they are perceived by youth. Of course this is a two-way street, and using these tools is also a great time for educators to share important information about why privacy is important, the permanency of the web, and that the web is not as anonymous as you may think.

Finally, I think that teachers, administrators, and school IT departments need to look at the “free” Web 2.0 applications and decide why do we actually want this tool? What is the pedagogy driving instruction with these tools?

Part two of this issue is whether or not you need to use public Web 2.0 apps at all. There are so many incredibly easy to set up and use open source Web apps out there today. Any IT director worth a dime can have these systems up and running in no time. Most importantly these tools can almost always be tied to a directory server which makes user management a snap.

Using these tools a district can host its own social networking (Elgg or Buddypress), wikis (Deki Wiki), and blogs (WordPress or Movable Type). Educators get the advantage of these powerful tools, while administrators and IT directors get to have the control they need. Give your students some training wheels before they set off on the information superhighway.

Basically, it comes down to the basic issue of control and accountability. In a K-12 school environment you have to have both and the only way to do this is to keep your Web 2.0 services in house.

Coolest Thing Since Sliced Bread – WordPress.tv

Saturday, January 17th, 2009

Elgg 1.1 LDAP Setup Working

Thursday, November 27th, 2008

I’ve finally had a chance to play with the new version of Elgg. The first order of business was getting LDAP working for authentication and account creation. While the interface was quite a bit different, the setup was very similar to the previous version. As an added bonus the configuration is done through the web interface without needing to edit configuration files.

Things you need:

  • Running Elgg Installation
  • Running LDAP Server with user information
  • LDAP Browser tool (I prefer JXplorer) highly recommended
